Bug #10910

NoMethodError when opening SSL connection with OpenSSL::SSL::VERIFY_PEER set and anonymous ciphers allowed

Added by Sinjo (Chris Sinjakli) over 10 years ago. Updated almost 10 years ago.

Status: Closed
Assignee: -
Target version: -
ruby -v: ruby 2.3.0dev
[ruby-core:68330]

Description

When establishing an SSL connection with peer verification enabled, if the list of allowed ciphers includes an anonymous cipher, and negotiation with the server results in that cipher being used, a NoMethodError is raised with a stack trace like:

/Users/sinjo/rubies/2.1.3/lib/ruby/2.1.0/openssl/ssl.rb:99:in `verify_certificate_identity': undefined method `extensions' for nil:NilClass (NoMethodError)
        from /Users/sinjo/rubies/2.1.3/lib/ruby/2.1.0/openssl/ssl.rb:156:in `post_connection_check'
        from /Users/sinjo/rubies/2.1.3/lib/ruby/2.1.0/net/http.rb:922:in `connect'
        from /Users/sinjo/rubies/2.1.3/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
        from /Users/sinjo/rubies/2.1.3/lib/ruby/2.1.0/net/http.rb:852:in `start'
        from ../test_ssl.rb:4:in `<main>'

This is because no certificate is returned when using an anonymous cipher, while the verification code which runs when OpenSSL::SSL::VERIFY_PEER is set expects one to be present.

I've attached a patch which fixes this. Let me know if there's anything you'd like me to change (happy to refactor, or alter the approach).

This behaviour is present in 2.0, 2.1, and 2.2.


Files

ssl_verify.patch (2.71 KB), Sinjo (Chris Sinjakli), 02/26/2015 10:53 PM
update_libssl_on_travis.patch (821 Bytes), Sinjo (Chris Sinjakli), 07/31/2015 10:59 AM
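
The failure mode described in this report, as an added example that is not the attached patch and not code from Ruby itself: a post-connection check that fails closed with an `OpenSSL::SSL::SSLError` when verification is enabled but the peer presented no certificate, plus a cipher list that excludes anonymous suites. The helper names, the hostname and the self-signed certificate are constructed for illustration.

```ruby
require "openssl"

# Hypothetical helper (not the attached patch, not Ruby's own code): fail
# closed with SSLError when verification is on but no certificate arrived.
def checked_post_connection(peer_cert, verify_mode, hostname)
  return true if verify_mode == OpenSSL::SSL::VERIFY_NONE
  if peer_cert.nil?
    raise OpenSSL::SSL::SSLError,
          "peer verification is enabled but the peer sent no certificate"
  end
  unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
    raise OpenSSL::SSL::SSLError,
          "hostname #{hostname.inspect} does not match the peer certificate"
  end
  true
end

# Cipher names left after excluding anonymous (aNULL) and unencrypted (eNULL)
# suites, so a verifying client cannot negotiate a certificate-less handshake.
def authenticated_cipher_names
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = "ALL:!aNULL:!eNULL"
  ctx.ciphers.map(&:first)
end

# Constructed self-signed certificate, used only as sample input.
def constructed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

if __FILE__ == $PROGRAM_NAME
  begin
    # nil stands in for SSLSocket#peer_cert after an anonymous-cipher handshake.
    checked_post_connection(nil, OpenSSL::SSL::VERIFY_PEER, "example.test")
  rescue OpenSSL::SSL::SSLError => e
    puts "rejected: #{e.message}"
  end
end
```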